# Keystore Security Instruction

# Keystore file

The account keystore file is your unique private key and a encrypted file that is used to sign transactions. It allows you to store the key in an encrypted manner.

This approach combines security (an attacker needs the account keystore file and your password to steal your assets) and ease of use (you only need the account keystore file and password to access the assets).


If the private key is lost, it means you cant no longer sign the transaction, and your assets are permanently locked up in your account.

So, please keep your private key and account keystore file! Do not disclose your private key and account keystore file password to others!

Keystore file format:

   "account_address" : "T800002276a7d58218ac4978733e5cca927a7d86cb7c87",
   "address" : "2276a7d58218ac4978733e5cca927a7d86cb7c87",
   "crypto" : {
      "cipher" : "aes-128-ctr",
      "cipherparams" : {
         "iv" : "09dade6d3ce2741794e49d65f8dd65a4"
      "ciphertext" : "a45fd491c32ad271039883ed4084e18c57e12cd2c21af1522fe94ba8313634a3",
      "kdf" : "scrypt",
      "kdfparams" : {
         "dklen" : 32,
         "n" : 262144,
         "p" : 1,
         "r" : 8,
         "salt" : "9ed2bcb3349392765fec47bb20776cdb69e0e3a4d19d26da65f9371f83cfc2b5"
      "mac" : "da83cf03746166c877bf319d6371c7f54d518c48c99b1782fdad56e343b812f6"
   "hint" : "",
   "id" : "568498c9-889b-a26d-fa01-bc9a67ffc472",
   "key_type" : "owner",
   "public_key" : "9b473e552fd05ed2e39d4d3af18367cc98859d50a3eb93805e4706b6b86310c83a2c4e847b662266330cef4cfb7c595ad655ab6a18d86708fe7bc00b589a3a68",
   "version" : 3

# Generate Keystore File

  1. Generate the original private key and perform hexadecimal encoding on the original data.

  2. Generate 32-byte salt.

  3. Generate AES 32-byte encryption key. Where: Kdf algorithm is scrypt, hash algorithm is SHA3-256, with the password, to generate the encryption key.

  4. Generate AES 16-byte iv.

  5. Generate ciphertext. Encryption algorithm is AES128, encryption mode is CTR_Mode.

  6. Calculate 32 byte MAC, the last 16 bytes of aes_key are spliced with the encrypted ciphertext, and then hash (SHA3-256) the spliced data.

  7. Write the above data to the file.